SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!

SlimFTPd is a fully standards-compliant FTP server implementation with an advanced virtual file system. It is extremely small, but don't let its file size deceive you: SlimFTPd packs a lot of bang for the kilobyte. It is written in pure Win32 C++ and requires no messy installer. SlimFTPd is a fully multi-threaded application that runs as a system service on Windows 98/ME or Windows NT/2K/XP, and it comes with a tool to simplify its installation or uninstallation as a system service. Once the service is started, SlimFTPd runs quietly in the background. It reads its configuration from a config file in the same folder as the executable, and it outputs all activity to a log file in the same place. The virtual file system allows you to mount any local drive or path to any virtual path on the server. This allows you to have multiple local drives represented on the server's virtual file system or just different folders from the same drive. SlimFTPd allows you to set individual permissions for server paths. Open slimftpd.conf in your favorite text editor to set up SlimFTPd's configuration. The format of SlimFTPd's config file is similar to Apache Web Server's for those familiar with Apache.

SlimFTPd features:

Standards-compliant FTP server implementation that works with all major FTP clients

Fully multi-threaded 32-bit application that runs as a Windows system service on all Windows platforms

Supports passive mode transfers and allows resume of failed transfers

Small memory footprint; won't hog system resources

Easy configuration of server options through configuration file

All activity logged to file

Support for binding to a specific interface in multihomed environments

Exactly two years after SlimFTPd 3 became freeware, it is now open source under the BSD license.

Changes in version 3.18: (released 28-Dec-2005)

Recoded to use dynamically-sized strings rather than fixed-size buffers.

Switched some things to STL data structures to improve algorithm time complexities (in some cases from O(n) to O(log n)).

Compiled using the final release of Visual C++ 2005 Professional and switched to dynamic linking. (Sorry, but you're going to need the VC8 runtimes for something eventually.)

Fixed login username buffer overflow vulnerability.

Changes in version 3.17: (released 11-Jul-2005)

Fixed another buffer overflow vulnerability. Many thanks to Raphaël Rigo for reporting this bug and working with me to squash it.

Switched back to the C runtime library in Visual C++ 2005 for its new "secure" functions. I had to statically link to it since almost no one has the VC 8.0 runtime files, so unfortunately the executable file size is now almost five times larger. :(

Changes in version 3.16: (released 10-Nov-2004)

Fixed buffer overflow vulnerability (only exploitable if logged in)

Changes in version 3.15: (released 4-Jul-2004)

SlimFTPd 3 is now freeware! Thanks to all of you who supported me.

Changes in version 3.14: (released 7-Jul-2003)

Fixed the strange bug where system32 would show up in the root server listing

Finally finished the MaxConnections directive that should have been put in a long time ago

Changes in version 3.13: (released 4-Feb-2003)

Fixed file overwrite truncation bug

SlimFTPd is no longer dependent on the C/C++ runtime libraries

Executable size is down to 15.5 KB ;-)

Changes in version 3.12: (released 31-Jul-2002)

Fixed the concurrent session counter bug again. :-P

Changes in version 3.11: (released 5-Jun-2002)

Fixed bug where active session counter would not be decremented if user disconnected without logging off.

Changed passive-mode binding to accept data connection on any interface.